> On Tue, 1 Feb 2000, Mikhail A.Golovanov wrote:
> > You'd better not encrypt passwords on the client side - and there is
> > no need to do so. At least I did not mean that. You POST
> > username/password to a servlet as usual and that servlet does all
> > the necessary calculations and checking.
> [ ... ]
Milt Epstein asks:
> But then isn't the password being sent in the clear, and hence
> vulnerable to snooping?
I think it's implied/assumed that it's a vanilla POST to an SSL
server, hence not in the clear. A reasonable assumption on Mikhail's
part, considering the amount of discussion of SSL already in this
thread.
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
